Computer security firm blames cyberspying on Chinese military

Published: Wednesday, Feb. 20, 2013 11:03 a.m. CST

By Ken Dilanian — Tribune Washington Bureau

(MCT) — WASHINGTON — A clandestine Chinese military unit has conducted sophisticated cyber espionage operations against dozens of American and Canadian companies, according to a private report that provides unusual new details about China’s involvement in cybertheft of economic and trade secrets.

The report by computer security firm Mandiant Corp. in Alexandria, Va., breaks new ground by attributing attacks against 141 companies to a specific 12-story office building in the financial center of Shanghai.

According to the report, the building is home to the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department, which is known as Unit 61398.

Mandiant said it traced computer penetrations to Unit 61398 by telltale digital signatures left in malware, the use of Shanghai phone numbers and social networking information posted by some of the hackers. The report profiles three operatives associated with the unit, including one known by the moniker “Ugly Gorilla.”

The report said it’s impossible to inventory the losses since hackers often copy, rather than remove, digital data and erase all but traces of the theft.

Mandiant, which signs confidentiality agreements with its clients, did not name the companies targeted. The New York Times first disclosed details from the report Tuesday.

Chinese authorities have repeatedly denied any government involvement in hacking of U.S. companies. Officials at the Chinese Embassy in Washington did not answer phone calls or emails Tuesday.

Richard Bejtlich, Mandiant’s security director, said the report “should dismiss all the wiggle room that the Chinese use to deny engaging in this conduct.”

Bejtlich said U.S. officials had indicated that they were “ready to go beyond just sort of watching the fireworks happen and they wouldn’t be particularly upset if we released a report.”

President Barack Obama signed an executive order last week that aims to improve U.S. cyberdefenses by sharing more classified government information about digital threats with private companies that operate critical infrastructure, including energy, telecommunications, utilities and dams.

White House spokesman Jay Carney declined to address the report or discuss U.S. intelligence assessments of Chinese cyberspying.

“We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including the military, and we will continue to do so,” Carney told reporters.

U.S. intelligence officials have said for years that Chinese cyberattacks present a growing threat to U.S. security and economic interests, but they have been reluctant to provide details in public.

A highly classified National Intelligence Estimate under preparation asserts that China is a major player in cyberattacks, along with Russia, Iran and several other countries.

U.S. intelligence and military agencies conduct aggressive cyberoperations against foreign governments and their agencies. U.S. and Israeli experts, for example, allegedly cooperated on a cyberattack that sabotaged Iran’s efforts to enrich uranium for several years.

But U.S. intelligence officials said they don’t steal foreign trade secrets or technology to benefit U.S. companies.

Bejtlich said no evidence indicates that Unit 61398 tried to destroy American infrastructure via a cyberattack, but he said the unit stole potentially sensitive data from electric utilities and chemical companies.

“By virtue of the access that they have, they could cause some damage,” he said. “They wouldn’t even have to do it on purpose.”

It’s sometimes easier for hackers to disable computer networks than to sneak into them and steal data, said Michael Hayden, former head of the CIA and the National Security Agency, which conducts America’s digital spying abroad.

“In the cyber domain, an actual attack is often easier than conducting the reconnaissance,” Hayden said in an email. “That’s what makes this so unnerving.”

Members of the House and the Senate intelligence committees responded sharply to the 76-page report.

“This is a sobering public report on the lengths to which the Chinese military has gone to infiltrate and hack American companies,” said Sen. Dianne Feinstein, D-Calif., who chairs the Senate Intelligence Committee.

“The Chinese government’s direct role in cybertheft is rampant and the problems have grown exponentially,” said Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee.